Mobile users face more frequent attacks from cybercriminals who exploit weaknesses in applications and services and use SMS phishing tactics, according to the 2023 "Global Mobile Threat Report" from Zimperium, a mobile security firm.
- Mobile devices are increasingly becoming targets of phishing attacks. In fact, 80% of phishing sites are specifically designed for mobile devices or can function on both desktop and mobile devices. Shockingly, SMS phishing attacks are six to ten times more likely to be successful than email-based attacks.
- During 2022, Zimperium's anti-phishing technology detected an average of four malicious or phishing links clicked for every device it covered.
- Apple and Android devices both saw an increase in detected vulnerabilities. In 2022, a 138% increase in critical Android vulnerabilities was discovered, while Apple iOS accounted for 80% of the zero-day vulnerabilities being actively exploited.
- Malware continues to spread rapidly. The total number of unique mobile malware samples rose by 51% between 2021 and 2022, with over 920,000 samples detected.
- In 2021, Zimperium found malware on 1 out of 50 Android devices, but in 2022, that number increased significantly to 1 out of every 20 devices.
- Insecure cloud storage configurations in mobile apps are a leading attack surface. Research shows that approximately 2% of all iOS and 10% of all Android mobile apps access insecure cloud instances.
- A significant percentage of application samples submitted to public repositories (23% for Android and 24% for iOS) were found to be malicious. As a result, the number of compromised devices nearly tripled (up 187%) because these tactics proved effective.
Takeaways:
- As mobile evolves into our primarily used devices, they become lucrative to attackers more than ever.
- Android devices are harder to keep secure due to the proliferation of brands and versions and, in many instances, reliance on OEM manufacturers for patching.
- SMS attacks continue to evolve and, over time, will dominate. Malicious websites can detect the endpoint device, aim for possible vulnerabilities or weaknesses, and deliver a targeted attack against a specific device.
- Lack of properly secured configuration of the devices and associated cloud services can lead to compromise and data theft.
- URL shorteners are used in over 80% of SMS messages and are dangerous (especially from unknown senders) because they hide a destination page from view.
#ALTACyber
------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------